author | Thomas Jarosch <thomas.jarosch@intra2net.com> | 2016-07-30 23:10:50 +0200 |
---|---|---|
committer | Thomas Jarosch <thomas.jarosch@intra2net.com> | 2016-07-30 23:55:16 +0200 |
commit | 2d60937932a44ed5dfe3afecdae846386275a25a (patch) | |
tree | 7c73bb02ca722174ef5387fdbb2988f6b193b5a2 /etc | |
parent | fixes (diff) | |
Add profiles for tar (gtar), unzip and unrar
I've tested compression and decompression of
various tar formats and also straced unzip/unrar
to check their file access in /etc.
-> should be fine.
If you want to unpack files in /usr/bin,
then use the --ignore=private-bin switch.
Same for /etc: --ignore=private-etc
Diffstat (limited to 'etc')
-rw-r--r-- | etc/gtar.profile | 1 | ||||
-rw-r--r-- | etc/tar.profile | 13 | ||||
-rw-r--r-- | etc/unrar.profile | 11 | ||||
-rw-r--r-- | etc/unzip.profile | 11 |
4 files changed, 36 insertions, 0 deletions
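--- /dev/null
+++ b/etc/gtar.profile
@@ -0,0 +1 @@
+include /etc/firejail/tar.profile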
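--- /dev/null
+++ b/etc/tar.profile
@@ -0,0 +1,13 @@
+# tar profile
+include /etc/firejail/default.profile
+
+tracelog
+net none
+shell none
+
+# support compressed archives
+private-bin tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
+private-dev
+private-etc passwd,group,localtime
+hostname tar
+nosound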
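Review bot: Nothing in this profile limits where tar may write. The directives it adds (`net none`, `shell none`, `private-bin`, `private-dev`, `private-etc`) narrow what a misbehaving tar can reach, but they do not stop an archive with hostile member paths from overwriting files the invoking user can already write. Any filesystem blacklisting, seccomp or capability dropping presumably comes from `default.profile`, which is not visible here, so the protection silently changes if that file does. A header comment would set expectations, for example `# extraction paths are not confined here; filesystem/seccomp/caps restrictions are inherited from default.profile`. The same applies to etc/unrar.profile and etc/unzip.profile.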
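--- /dev/null
+++ b/etc/unrar.profile
@@ -0,0 +1,11 @@
+# unrar profile
+include /etc/firejail/default.profile
+
+tracelog
+net none
+shell none
+private-bin unrar
+private-dev
+private-etc passwd,group,localtime
+hostname unrar
+nosound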
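Review bot: The `--ignore` workaround is documented only in the commit message, so a user whose extraction into /usr/bin or /etc fails under `private-bin` / `private-etc` has nothing in the profile to explain why. Consider adding comments next to those directives, such as `# unpacking into /usr/bin: run with --ignore=private-bin` and `# unpacking into /etc: run with --ignore=private-etc`. The same comments would fit etc/unzip.profile and etc/tar.profile.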
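--- /dev/null
+++ b/etc/unzip.profile
@@ -0,0 +1,11 @@
+# unzip profile
+include /etc/firejail/default.profile
+
+tracelog
+net none
+shell none
+private-bin unzip
+private-dev
+private-etc passwd,group,localtime
+hostname unzip
+nosound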